version 4

IEWB-RS Technology Labs

IP Services

Brian Dennis, CCIE # 2210 (R&S / ISP Dial / Security / Service Provider)
Brian McGahan, CCIE# 8583 (R&S / Service Provider)
CCIE R&S Advanced Technologies Labs IP Services

Copyright Information
Copyright © 2003 - 2007 Internetwork Expert, Inc. All rights reserved.

The following publication, CCIE Routing and Switching Lab Workbook, was
developed by Internetwork Expert, Inc. All rights reserved. No part of this publication may
be reproduced or distributed in any form or by any means without the prior written
permission of Internetwork Expert, Inc.

Cisco®, Cisco® Systems, CCIE, and Cisco Certified Internetwork Expert, are registered
trademarks of Cisco® Systems, Inc. and/or its affiliates in the U.S. and certain countries.
All other products and company names are the trademarks, registered trademarks, and
service marks of the respective owners. Throughout this manual, Internetwork Expert,
Inc. has used its best efforts to distinguish proprietary trademarks from descriptive
names by following the capitalization styles used by the manufacturer.

Disclaimer

The following publication, CCIE Routing and Switching Lab Workbook, is designed to
assist candidates in the preparation for Cisco Systems’ CCIE Routing & Switching Lab
exam. While every effort has been made to ensure that all material is as complete and
accurate as possible, the enclosed material is presented on an “as is” basis. Neither the
authors nor Internetwork Expert, Inc. assume any liability or responsibility to any person
or entity with respect to loss or damages incurred from the information contained in this
workbook.

This workbook was developed by Internetwork Expert, Inc. and is an original work
of the aforementioned authors. Any similarities between material presented in
TM
this workbook and actual CCIE lab material is completely coincidental.

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- ii -
CCIE R&S Advanced Technologies Labs IP Services

COMMON CONFIGURATION .......................................................................................1

PROXY ARP ...........................................................................................................3
LOCAL PROXY ARP.................................................................................................6
SECURING VIRTUAL TERMINAL LINE ACCESS .............................................................8
CONTROLLING VIRTUAL TERMINAL LINE ACCESS ......................................................10
USING DHCP FOR AUTOCONFIGURATION................................................................12
DHCP RELAY .......................................................................................................14
CONFIGURING DHCP HOST POOLS ........................................................................16
AUTOINSTALL OVER FRAME-RELAY .........................................................................19
USING NTP FOR TIME SYNCHRONIZATION ...............................................................22
AUTHENTICATING NTP UPDATES ............................................................................25
ROUTER MENUS ....................................................................................................28
GATEWAY REDUNDANCY WITH VRRP .....................................................................31
GATEWAY REDUNDANCY WITH HSRP .....................................................................35

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- iii -
CCIE R&S Advanced Technologies Labs IP Services

Common Configuration

Objective: Create common configuration for IP Services scenarios

Directions

• Create VLAN 146 on SW1 and SW2

• Configure the respective switchports in this VLAN (SW1: Fa 0/1, SW2: Fa
0/4 and Fa 0/6)
• Configure interface Fa 0/13 on SW1 and SW2 as 802.1q trunk
• Configure IP addressing on VLAN146 interfaces as per diagram
• Configure Frame-Relay interfaces on R4 and R5. Use physical interface
type, and static mappings. Map broadcasts to each endpoint
• Configure IP addressing on FR interfaces as per diagram

Final Configuration
SW1:
vlan 146
interface Fa 0/1
switchport host
switchport access vlan 146
!
interface fastEthernet 0/13
switchport trunk encaps dot1q
switchport mode trunk

SW2:
vlan 146
interface range Fa 0/4 , Fa 0/6
switchport host
switchport access vlan 146
!
interface fastEthernet 0/13
switchport trunk encaps dot1q
switchport mode trunk

R1:
inter fa 0/0
ip address 155.1.146.1 255.255.255.0
no shut

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

-1-
CCIE R&S Advanced Technologies Labs IP Services

R4:
inter ethernet 0/0
ip address 155.1.146.4 255.255.255.0
no shut
!
interface Serial 0/0
encaps frame-relay
no frame-relay inverse
ip address 155.1.0.4 255.255.255.0
frame map ip 155.1.0.5 405 broad
no shutdown

R5:
interface Serial 0/0
encaps frame-relay
no frame-relay inverse
ip address 155.1.0.5 255.255.255.0
frame map ip 155.1.0.4 504 broad
no shut

R6:
inter gig 0/0
ip address 155.1.146.6 255.255.255.0
no shut

Verification

R4#ping 155.1.146.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 155.1.146.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms

R4#ping 155.1.146.6

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 155.1.146.6, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms

R4#ping 155.1.0.5

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 155.1.0.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/65/76 ms

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

-2-
CCIE R&S Advanced Technologies Labs IP Services

Proxy ARP

Objective: Configure router to answer ARP requests on behalf of remote routers

Directions

• Pre-configure routers per the IP Services “Common Configuration”

scenario
• Disable IP routing on R1 and R6
• Enable Proxy ARP on R4 Ethernet interface

Final Configuration

R1 & R6:
no ip routing

R4:
interface Ethernet 0/0
ip proxy-arp

Verification

R4#show ip interface ethernet 0/0

Ethernet0/0 is up, line protocol is up
Internet address is 155.1.146.4/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

-3-
CCIE R&S Advanced Technologies Labs IP Services

ICMP mask replies are never sent

IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled

R1#debug arp
ARP packet debugging is on

R4#debug arp
ARP packet debugging is on

R1#ping 155.1.0.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 155.1.0.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1000 ms

R1#
*Mar 1 00:56:54.203: IP ARP: creating incomplete entry for IP address:
155.1.0.4 interface FastEthernet0/0
*Mar 1 00:56:54.203: IP ARP: sent req src 155.1.146.1 0004.27b5.2fa0,
dst 155.1.0.4 0000.0000.0000 FastEthernet0/0
*Mar 1 00:56:54.207: IP ARP: rcvd rep src 155.1.0.4 00b0.6416.2dc1, dst
155.1.146.1 FastEthernet0/0

R4#
IP ARP: rcvd req src 155.1.146.1 0004.27b5.2fa0, dst 155.1.0.4 Ethernet0/0
IP ARP: sent rep src 155.1.0.4 00b0.6416.2dc1,
dst 155.1.146.1 0004.27b5.2fa0 Ethernet0/0

R4#show int ethernet 0/0

Ethernet0/0 is up, line protocol is up
Hardware is AmdP2, address is 00b0.6416.2dc1 (bia 00b0.6416.2dc1)
Internet address is 155.1.146.4/24
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:56, output 00:00:04, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1751 packets input, 842436 bytes, 0 no buffer
Received 1734 broadcasts, 0 runts, 0 giants, 0 throttles

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

-4-
CCIE R&S Advanced Technologies Labs IP Services

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 input packets with dribble condition detected
216 packets output, 63872 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

-5-
CCIE R&S Advanced Technologies Labs IP Services

Local Proxy ARP

Objective: Configure router to answer ARP requests on behalf of hosts in the

same local segment

Directions

• Pre-configure routers per the IP Services “Common Configuration”

scenario
• Enable IP routing on R1
• Enalbe Proxy ARP and Local Proxy ARP on R1’s Ethernet interface
• Configure SW2 Fa 0/4 and SW2 Fa 0/6 as protected ports. This way,
those routers won’t hear each other’s ARP requests

Final Configuration
SW2:
interface range Fa 0/4 , Fa 0/6
switchport protected

R1:
ip routing
!
interface Fa 0/0
ip proxy-arp
ip local-proxy-arp

Verification

R4#clear arp-cache
R4#ping 155.1.146.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 155.1.146.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R4#ping 155.1.146.6

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

-6-
CCIE R&S Advanced Technologies Labs IP Services

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 155.1.146.6, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms

R4#show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 155.1.146.1 1 0004.27b5.2fa0 ARPA Ethernet0/0
Internet 155.1.146.4 - 00b0.6416.2dc1 ARPA Ethernet0/0
Internet 155.1.146.6 0 0004.27b5.2fa0 ARPA Ethernet0/0

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

-7-
CCIE R&S Advanced Technologies Labs IP Services

Securing Virtual Terminal Line Access

Objective: Configure router to use secure transport for terminal line access

Directions

• Pre-configure routers per the IP Services “Common Configuration”

scenario
• Configure domain-name “internetworkexpert.com” on R4.
• Generate RSA key-pair on R4
• Configure SSH as the only allowed input transport on R4’s VTY lines
• Enable local authentication on VTY lines on R4
• Create local username CISCO with password CISCO on R4

Final Configuration
R4:
ip domain-name internetworkexpert.com
crypto key generate rsa general modulus 512
!
line vty 0 4
login local
transport input ssh
!
username CISCO pass CISCO

Verification

R4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#ip domain-name internetworkexpert.com
R4(config)#crypto key generate rsa general modulus 512
The name for the keys will be: R4.internetworkexpert.com

% The key modulus size is 512 bits

% Generating 512 bit RSA keys ...[OK]

%SSH-5-ENABLED: SSH 1.99 has been enabled

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

-8-
CCIE R&S Advanced Technologies Labs IP Services

R1#ssh -l CISCO 155.1.146.4

Password: CISCO

R4>show ssh
Connection Version Encryption State Username
0 1.5 3DES Session started CISCO
%No SSHv2 server connections running.

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

-9-
CCIE R&S Advanced Technologies Labs IP Services

Controlling Virtual Terminal Line Access

Objective: Configure router to limit virtual terminal line access

Directions

• Pre-configure routers per the IP Services “Common Configuration”

scenario
• Configure R4 to access telnet connections on ports 23 and 3001. Use
“rotary” command for this task
• Create access-list 100 on R4; permit TCP connections from network
155.X.146.0/24 to anywhere port 23; permit TCP connections from
network 155.X.0.0/24 to anywhere port 3001. Deny any Log everything els
• Apply this access-list to R4’s VTY lines and enable local authentication on
these lines
• Create local username CISCO with password CISCO on R4

Final Configuration
R4:
line vty 4
rotary 1
!
access-list 100 permit tcp 155.1.146.0 0.0.0.255 any eq 23
access-list 100 permit tcp 155.1.0.0 0.0.0.255 any eq 3001
access-list 100 deny ip any any log
!
line vty 0 4
login local
access-class 100 in
!
username CISCO pass CISCO

Verification

R1#telnet 155.1.146.4 3001

Trying 155.1.146.4, 3001 ...
% Connection refused by remote host

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 10 -
CCIE R&S Advanced Technologies Labs IP Services

R1#telnet 155.1.146.4
Trying 155.1.146.4 ... Open

User Access Verification

Username: CISCO
Password: CISCO
R4>

R5#telnet 155.1.0.4
Trying 155.1.0.4 ...
% Connection refused by remote host

R5#telnet 155.1.0.4 3001

Trying 155.1.0.4, 3001 ... Open

User Access Verification

Username: CISCO
Password: CISCO
R4>

R4#
%SEC-6-IPACCESSLOGP: list 100 denied tcp 155.1.146.1(11000) -> 0.0.0.0(3001), 1
packet
%SEC-6-IPACCESSLOGP: list 100 denied tcp 155.1.0.5(30802) -> 0.0.0.0(23), 1
packet

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 11 -
CCIE R&S Advanced Technologies Labs IP Services

Using DHCP for Autoconfiguration

Objective: Configure R4 to support configuration information to hosts on

VLAN 146

Directions

• Pre-configure routers per the IP Services “Common Configuration”

scenario
• Create DHCP address pool VLAN146 on R4
• Clients should get their addresses from range 155.X.146.0/25. Exclude R4
address from this allocation
• Configure DHCP to allocate R4 as default gateway
• Domain-name should be “internetworkexpert.com”
• Configure R1 and R4 to obtain IP addresses via DHCP

Final Configuration
R4:
ip dhcp pool VLAN146
network 155.1.146.0 /24
default-router 155.1.146.4
domain-name internetworkexpert.com
exit
!
ip dhcp excluded-address 155.1.146.4

R1:
interface Gig 0/0
ip address dhcp

R6:
interface Fa 0/0
ip address dhcp

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 12 -
CCIE R&S Advanced Technologies Labs IP Services

Verification

R1#debug dhcp
DHCP client activity debugging is on
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int fa 0/0
R1(config-if)#ip add dhcp
DHCP: DHCP client process started: 10
RAC: Starting DHCP discover on FastEthernet0/0
DHCP: Try 1 to acquire address for FastEthernet0/0
DHCP: allocate request
DHCP: zapping entry in DHC_PURGING state for Fa0/0
DHCP: new entry. add to queue
DHCP: SDiscover attempt # 1 for entry:
DHCP: SDiscover: sending 294 byte length DHCP packet
DHCP: SDiscover 294 bytes
B'cast on FastEthernet0/0 interface from 0.0.0.0

DHCP: Received a BOOTREP pkt

DHCP: offer received from 155.1.146.4
DHCP: SRequest attempt # 1 for entry:
DHCP: SRequest- Server ID option: 155.1.146.4
DHCP: SRequest- Requested IP addr option: 155.1.146.2
DHCP: SRequest placed lease len option: 86400
DHCP: SRequest: 312 bytes
DHCP: SRequest: 312 bytes
B'cast on FastEthernet0/0 interface from 0.0.0.0
DHCP: Received a BOOTREP pkt
Interface FastEthernet0/0 assigned DHCP address 155.1.146.2, mask 255.255.255.0

DHCP Client Pooling: ***Allocated IP address: 155.1.146.2

Allocated IP address = 155.1.146.2 255.255.255.0

R1#show dhcp lease

Temp IP addr: 155.1.146.2 for peer on Interface: FastEthernet0/0
Temp sub net mask: 255.255.255.0
DHCP Lease server: 155.1.146.4, state: 3 Bound
DHCP transaction id: 2B2278
Lease: 86400 secs, Renewal: 43200 secs, Rebind: 75600 secs
Temp default-gateway addr: 155.1.146.4
Next timer fires after: 11:58:51
Retry count: 0 Client-ID: cisco-0004.27b5.2fa0-Fa0/0
Hostname: R1

R4#show ip dhcp binding

Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
Hardware address/
User name
155.1.146.2 0063.6973.636f.2d30. Mar 22 1993 02:05 PM Automatic
3030.342e.3237.6235.
2e32.6661.302d.4661.
302f.30

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 13 -
CCIE R&S Advanced Technologies Labs IP Services

DHCP Relay

Objective: Configure router relay DHCP requests to DHCP server

Directions

• Pre-configure routers per the IP Services “Common Configuration”

scenario
• Create DHCP address pool VLAN146 on R5
• Clients should get their addresses from range 155.X.146.0/25. Exclude R4
address from this allocation
• Configure DHCP to allocate R4 as default gateway
• Domain-name should be “internetworkexpert.com”
• Configure R4’s Ethernet interface with helper address 155.X.0.5
• Configure R1 and R4 to obtain IP addresses via DHCP
• Add a static router to network 155.X.146.0/24 on R5, so that DHCP replies
may reach R4’s IP (giaddr field)

Final Configuration
R5:
ip dhcp pool VLAN146
network 155.1.146.0 /24
default-router 155.1.146.4
domain-name internetworkexpert.com
exit
!
ip dhcp excluded-address 155.1.146.4
!
ip route 155.1.146.0 255.255.255.0 155.1.0.4

R4:
interface Ethernet 0/0
ip helper-address 155.1.0.5

R1:
interface Gig 0/0
ip address dhcp

R6:

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 14 -
CCIE R&S Advanced Technologies Labs IP Services

interface Fa 0/0
ip address dhcp

Verification

R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int fa 0/0
R1(config-if)#ip add dhcp
DHCP: DHCP client process started: 10
RAC: Starting DHCP discover on FastEthernet0/0
DHCP: Try 1 to acquire address for FastEthernet0/0
DHCP: allocate request
DHCP: zapping entry in DHC_PURGING state for Fa0/0
DHCP: new entry. add to queue
DHCP: SDiscover attempt # 1 for entry:
DHCP: SDiscover: sending 294 byte length DHCP packet
DHCP: SDiscover 294 bytes
B'cast on FastEthernet0/0 interface from 0.0.0.0

DHCP: Received a BOOTREP pkt

DHCP: offer received from 155.1.0.5
DHCP: SRequest attempt # 1 for entry:
DHCP: SRequest- Server ID option: 155.1.0.5
DHCP: SRequest- Requested IP addr option: 155.1.146.2
DHCP: SRequest placed lease len option: 86400
DHCP: SRequest: 312 bytes
DHCP: SRequest: 312 bytes
B'cast on FastEthernet0/0 interface from 0.0.0.0
DHCP: Received a BOOTREP pkt
Interface FastEthernet0/0 assigned DHCP address 155.1.146.2, mask 255.255.255.0

DHCP Client Pooling: ***Allocated IP address: 155.1.146.2

Allocated IP address = 155.1.146.2 255.255.255.0

R5#show ip dhcp binding

Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
Hardware address/
User name
155.1.146.2 0063.6973.636f.2d30. Mar 22 1993 04:11 PM Automatic
3030.342e.3237.6235.
2e32.6661.302d.4661.
302f.30

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 15 -
CCIE R&S Advanced Technologies Labs IP Services

Configuring DHCP Host Pools

Objective: Configure router to support static DHCP bindings

Directions

• Pre-configure routers per the IP Services “DHCP Relay” scenario

• Configure R5 to allocate static IP address 155.X.146.6 to R6 and static IP
address 155.X.146.1 to R1
• Create DHCP pool R6 and assign host IP address 155.X.146.6/24 to it.
This pool should be bound to R6’s Client-ID
• Create DHCP pool R1 and host IP address 155.X.146.1/24 to it. This pool
should be bound to R1’s Client-ID
• You may discover particular Router’s Client-ID by observing “debug ip
dhcp server packet” output on DHCP server

Final Configuration
R5:
ip dhcp pool R6
host 155.1.146.6
client-id
0063.6973.636f.2d30.3031.352e.3632.3265.2e65.3533.302d.4769.302f.30
!
ip dhcp pool R1
host 155.1.146.1
client-id
0063.6973.636f.2d30.3030.342e.3237.6235.2e32.6661.302d.4661.302f.30

Verification
R5#debug ip dhcp server packet
R5#

R6#show dhcp lease

Temp IP addr: 155.1.146.6 for peer on Interface: GigabitEthernet0/0
Temp sub net mask: 255.255.255.0
DHCP Lease server: 155.1.0.5, state: 3 Bound
DHCP transaction id: 4C2

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 16 -
CCIE R&S Advanced Technologies Labs IP Services

Lease: 86400 secs, Renewal: 43200 secs, Rebind: 75600 secs

Temp default-gateway addr: 155.1.146.4
Next timer fires after: 11:59:48
Retry count: 0 Client-ID: cisco-0015.622e.e530-Gi0/0
Client-ID hex dump: 636973636F2D303031352E363232652E
653533302D4769302F30
Hostname: R6

R1#show dhcp lease

Temp IP addr: 155.1.146.1 for peer on Interface: FastEthernet0/0
Temp sub net mask: 255.255.255.0
DHCP Lease server: 155.1.0.5, state: 3 Bound
DHCP transaction id: 808017
Lease: 86400 secs, Renewal: 43200 secs, Rebind: 75600 secs
Temp default-gateway addr: 155.1.146.4
Next timer fires after: 11:59:35
Retry count: 0 Client-ID: cisco-0004.27b5.2fa0-Fa0/0
Hostname: R1

R5#
DHCPD: Sending notification of DISCOVER:
DHCPD: htype 1 chaddr 0015.622e.e530
DHCPD: circuit id 01f80000
DHCPD: DHCPDISCOVER received from client
0063.6973.636f.2d30.3031.352e.3632.3265.2e65.3533.302d.4769.302f.30 through
relay 155.1.146.4.
DHCPD: Seeing if there is an internally specified pool class:
DHCPD: htype 1 chaddr 0015.622e.e530
DHCPD: circuit id 01f80000
DHCPD: Sending DHCPOFFER to client
0063.6973.636f.2d30.3031.352e.3632.3265.2e65.3533.302d.4769.302f.30
(155.1.146.6).
DHCPD: unicasting BOOTREPLY for client 0015.622e.e530 to relay 155.1.146.4.
DHCPD: DHCPREQUEST received from client
0063.6973.636f.2d30.3031.352e.3632.3265.2e65.3533.302d.4769.302f.30.
DHCPD: Sending notification of ASSIGNMENT:
DHCPD: address 155.1.146.6 mask 255.255.255.0
DHCPD: lease time remaining (secs) = -1
DHCPD: No default domain to append - abort update
DHCPD: Sending DHCPACK to client
0063.6973.636f.2d30.3031.352e.3632.3265.2e65.3533.302d.4769.302f.30
(155.1.146.6).
DHCPD: unicasting BOOTREPLY for client 0015.622e.e530 to relay 155.1.146.4.
DHCPD: Sending notification of DISCOVER:
DHCPD: htype 1 chaddr 0004.27b5.2fa0
DHCPD: circuit id 01f80000
DHCPD: DHCPDISCOVER received from client
0063.6973.636f.2d30.3030.342e.3237.6235.2e32.6661.302d.4661.302f.30 through
relay 155.1.146.4.
DHCPD: Seeing if there is an internally specified pool class:
DHCPD: htype 1 chaddr 0004.27b5.2fa0
DHCPD: circuit id 01f80000
DHCPD: Sending DHCPOFFER to client
0063.6973.636f.2d30.3030.342e.3237.6235.2e32.6661.302d.4661.302f.30
(155.1.146.1).
DHCPD: unicasting BOOTREPLY for client 0004.27b5.2fa0 to relay 155.1.146.4.
DHCPD: DHCPREQUEST received from client
0063.6973.636f.2d30.3030.342e.3237.6235.2e32.6661.302d.4661.302f.30.
DHCPD: Sending notification of ASSIGNMENT:
DHCPD: address 155.1.146.1 mask 255.255.255.0
DHCPD: lease time remaining (secs) = -1
DHCPD: No default domain to append - abort update

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 17 -
CCIE R&S Advanced Technologies Labs IP Services

DHCPD: Sending DHCPACK to client

0063.6973.636f.2d30.3030.342e.3237.6235.2e32.6661.302d.4661.302f.30
(155.1.146.1).
DHCPD: unicasting BOOTREPLY for client 0004.27b5.2fa0 to relay 155.1.146.4.
DHCPD: checking for expired leases.

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 18 -
CCIE R&S Advanced Technologies Labs IP Services

AutoInstall over Frame-Relay

Objective: Configure router for autoinstall over Frame-Relay Link

Directions

• Pre-configure routers per the IP Services “Common Configuration”

scenario
• In this task, R5 is router that executes AutoInstall, R4 acts as staging
router, R1 is TFTP and DNS server
• In the process of autoconfiguration, R5 will obtain it’s IP address via
BOOTP from static mapping on R4
• Next R5 will try to obtain network-wide configuration file from R1 and get it
hostname from this file
• We are not going to provide this file to R5, so next it will try to obtain it’s
name via DNS request, which will be answered by R1
• Having obtained it’s name, R5 will send TFTP request for it’s host
configuration, which will be provided by R1
• Configure R4 to relay broadcast requests to IP address of R1
• Configure R1 to store R5’s configuration in the flash, on give it the name
“r5-confg” (or use alias to this name later on)
• Enable TFTP server on R1 to respond to requests on this file
• Configure R6 as DNS server and map name R5 to ip address of 155.1.0.5
• Configure static route to 155.1.0.0/24 to R4 on R1

Final Configuration
First, obtain a copy of R5’s configuration on R1:

R5#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R5(config)#tftp-server system:running-config alias R5.cfg
R5(config)#ip route 155.1.146.0 255.255.255.0 155.1.0.4

R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 19 -
CCIE R&S Advanced Technologies Labs IP Services

R1(config)#ip route 155.1.0.0 255.255.255.0 155.1.146.4

R1#copy tftp flash:
Address or name of remote host []? 155.1.0.5
Source filename []? R5.cfg
Destination filename [R5.cfg]?
Accessing tftp://155.1.0.5/R5.cfg...
Erase flash: before copying? [confirm]n
Loading R5.cfg from 155.1.0.5 (via FastEthernet0/0): !
[OK - 1263 bytes]

Verifying checksum... OK (0x9A03)

1263 bytes copied in 4.948 secs (255 bytes/sec)

R4:
interface Serial 0/0
ip helper-address 155.1.146.1

R1:
tftp-server flash:R5.cfg alias r5-confg
ip route 155.1.0.0 255.255.255.0 155.1.146.4
!
ip dns server
ip host R5 155.1.0.5

Verification

R5#wr era
Erasing the nvram filesystem will remove all configuration files! Continue?
[confirm]
[OK]
Erase of nvram: complete
R5#reload

System configuration has been modified. Save? [yes/no]: no

Proceed with reload? [confirm]
……

Would you like to enter the initial configuration dialog? [yes/no]:

Press RETURN to get started!

*Mar 1 00:00:10.695: %LINEPROTO-5-UPDOWN: Line protocol on Interface VoIP-

Null0, changed state to upsslinit fn

*Mar 1 00:00:24.691: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up

*Mar 1 00:00:27.691: %LINK-3-UPDOWN: Interface Serial0/1, changed state to
down
*Mar 1 00:00:27.691: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to
up
*Mar 1 00:00:30.691: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to
up
*Mar 1 00:00:33.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface , changed
state to up
*Mar 1 00:00:36.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Serial0/0, changed state to up
*Mar 1 00:00:36.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Serial0/1, changed state to down
*Mar 1 00:00:36.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Ethernet0/0, changed state to up

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 20 -
CCIE R&S Advanced Technologies Labs IP Services

*Mar 1 00:00:36.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface

Ethernet0/1, changed state to up
*Mar 1 00:00:57.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Serial0/0, changed state to down
*Mar 1 00:01:15.643: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Serial0/0, changed state to up
*Mar 1 00:02:16.875: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to
administratively down
*Mar 1 00:02:16.879: %LINK-5-CHANGED: Interface Ethernet0/1, changed state to
administratively down
*Mar 1 00:02:16.879: %LINK-5-CHANGED: Interface Serial0/1, changed state to
administratively down
*Mar 1 00:02:17.875: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Ethernet0/0, changed state to down
*Mar 1 00:02:17.879: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Ethernet0/1, changed state to down
*Mar 1 00:02:19.691: %IP-5-WEBINST_KILL: Terminating DNS process
*Nov 17 13:45:24.679: %SYS-5-RESTART: System restarted --
Cisco IOS Software, 3600 Software (C3640-JK9O3S-M), Version 12.3(14)T7, RELEASE
SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Wed 22-Mar-06 21:46 by pwade
*Nov 17 13:45:24.691: %SNMP-5-COLDSTART: SNMP agent on host Router is
undergoing a cold start
*Nov 17 13:45:33.975: %SYS-5-CONFIG_I: Configured from tftp://155.1.146.1/r5-
confg by console
R5#

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 21 -
CCIE R&S Advanced Technologies Labs IP Services

Using NTP for Time Synchronization

Objective: Configure routers to synchronize time via NTP

Directions

• Pre-configure routers per the IP Services scenario “Common

Configuration”
• Configure R5 as NTP master in stratum 1
• Configure R5 to broadcast NTP updates on Frame-Relay interface
• Configure R4 to listen to NTP updates on Frame-Relay interface
• Configure R1 and R6 to use R4 as NTP server
• Configure R1 and R6 to peer over NTP

Final Configuration
R5:
ntp master 1
!
interface Serial 0/0
ntp broadcast

R4:
interface Serial 0/0
ntp broadcast client

R1:
ntp server 155.1.146.4

R6:
ntp server 155.1.146.4
ntp peer 155.1.146.1

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 22 -
CCIE R&S Advanced Technologies Labs IP Services

Verification

R4#show ntp associations detail

155.1.0.5 dynamic, our_master, sane, valid, stratum 1
ref ID .LOCL., time C906F6E3.C1916C87 (14:40:35.756 UTC Thu Nov 16 2006)
our mode bdcast client, peer mode bdcast, our poll intvl 64, peer poll intvl 64
root delay 0.00 msec, root disp 0.03, reach 16, sync dist 7917.526
delay 48.20 msec, offset 29.6415 msec, dispersion 7893.40
precision 2**24, version 3
org time C906F710.C19325BE (14:41:20.756 UTC Thu Nov 16 2006)
rcv time C906F710.CF7E9071 (14:41:20.810 UTC Thu Nov 16 2006)
xmt time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
filtdelay = 48.20 48.20 0.00 0.00 0.00 0.00 0.00 0.00
filtoffset = 29.64 -5.20 0.00 0.00 0.00 0.00 0.00 0.00
filterror = 0.99 1.97 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0

R1#show ntp associations detail

155.1.146.6 dynamic, selected, sane, valid, stratum 3
ref ID 155.1.146.4, time C906FB7E.6A99B411 (15:00:14.416 UTC Thu Nov 16 2006)
our mode passive, peer mode active, our poll intvl 64, peer poll intvl 128
root delay 50.61 msec, root disp 74.83, reach 7, sync dist 7976.959
delay 2.30 msec, offset -2.6652 msec, dispersion 7875.67
precision 2**18, version 3
org time C906FB9C.69DAE6AB (15:00:44.413 UTC Thu Nov 16 2006)
rcv time C906FB9C.6AD54724 (15:00:44.417 UTC Thu Nov 16 2006)
xmt time C906FB75.AE31B8C7 (15:00:05.680 UTC Thu Nov 16 2006)
filtdelay = 2.30 2.20 0.00 0.00 0.00 0.00 0.00 0.00
filtoffset = -2.67 -2.53 0.00 0.00 0.00 0.00 0.00 0.00
filterror = 0.61 1.59 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0

155.1.146.4 configured, our_master, sane, valid, stratum 2

ref ID 155.1.0.5, time C906FB50.D2C513AD (14:59:28.823 UTC Thu Nov 16 2006)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 48.20 msec, root disp 55.92, reach 377, sync dist 83.557
delay 3.11 msec, offset -12.9198 msec, dispersion 1.25
precision 2**24, version 3
org time C906FB6C.AB643E8D (14:59:56.669 UTC Thu Nov 16 2006)
rcv time C906FB6C.AF1942D7 (14:59:56.683 UTC Thu Nov 16 2006)
xmt time C906FB6C.AE4935DF (14:59:56.680 UTC Thu Nov 16 2006)
filtdelay = 3.11 3.20 3.22 3.13 3.23 3.40 3.17 3.13
filtoffset = -12.92 -13.32 -13.50 -8.73 -8.44 -11.43 -13.80 -8.01
filterror = 0.02 0.99 1.97 3.63 5.58 6.56 7.10 8.07

R6#show ntp associations detail

155.1.146.1 configured, selected, sane, valid, stratum 3
ref ID 155.1.146.4, time C906FBAC.AE9327F7 (15:01:00.681 UTC Thu Nov 16 2006)
our mode active, peer mode passive, our poll intvl 128, peer poll intvl 64
root delay 51.38 msec, root disp 88.82, reach 377, sync dist 116.364
delay 1.83 msec, offset 2.9012 msec, dispersion 0.95
precision 2**18, version 3
org time C906FBB5.ADA71EB2 (15:01:09.678 UTC Thu Nov 16 2006)
rcv time C906FBB5.AD253AAC (15:01:09.676 UTC Thu Nov 16 2006)
xmt time C906FB9C.69DAE6AB (15:00:44.413 UTC Thu Nov 16 2006)
filtdelay = 1.83 2.11 2.14 2.01 2.03 1.98 2.04 2.03
filtoffset = 2.90 2.57 2.50 2.17 1.87 1.62 0.01 -3.02
filterror = 0.40 1.24 2.08 3.05 4.03 5.00 5.98 6.96

155.1.146.4 configured, our_master, sane, valid, stratum 2

ref ID 155.1.0.5, time C906FB50.D2C513AD (14:59:28.823 UTC Thu Nov 16 2006)
our mode client, peer mode server, our poll intvl 128, peer poll intvl 128

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 23 -
CCIE R&S Advanced Technologies Labs IP Services

root delay 48.20 msec, root disp 55.92, reach 377, sync dist 82.779
delay 2.41 msec, offset -9.2902 msec, dispersion 0.72
precision 2**24, version 3
org time C906FB7E.67E96411 (15:00:14.405 UTC Thu Nov 16 2006)
rcv time C906FB7E.6A99B411 (15:00:14.416 UTC Thu Nov 16 2006)
xmt time C906FB7E.69F75251 (15:00:14.413 UTC Thu Nov 16 2006)
filtdelay = 2.41 2.15 2.43 2.18 2.14 2.20 2.17 2.41
filtoffset = -9.29 -9.90 -10.00 -10.04 -10.12 -10.18 -10.25 -10.38
filterror = 0.02 1.97 1.98 2.00 2.01 2.03 2.04 2.06

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 24 -
CCIE R&S Advanced Technologies Labs IP Services

Authenticating NTP Updates

Objective: Authenticate NTP updates between routers

Directions

• Pre-configure routers per the IP Services scenario “Using NTP for Time
Synchronization”
• Configure R5 to authenticate NTP messages sent over FR interface with
key CISCO45. This key should have number 45
• Configure R4 to accept NTP messages only if they are authenticated with
key number 45 having key-string CISCO45
• Configure R4 to respond on authenticated messages with key number 41
and 46. These are keys for R1 and R6 respectively. The corresponding
key-strings should be CISCO41 and CISCO46
• Configure R1 to poll R4 with messages bearing key-number 41 and key-
string CISCO41. This should be the locally trusted key, so that R1 may
update it’s clock
• Configure R6 to poll R4 with messages bearing key-number 46 and key-
string CISCO46. This should be the locally trusted key, so that R6 may
update it’s clock
• Finally, authenticate R1 and R6 NTP peering. R6 should send key-number
16 with key-string CISCO16. The same key should be configured on R1,
in order to respond on queries. Both routers should trust this key

Final Configuration
R5:
ntp authentication-key 45 md5 CISCO45
!
interface Serial 0/0
ntp broadcast key 45

R4:
ntp authenticate
ntp authentication-key 45 md5 CISCO45
ntp trusted-key 45
!

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 25 -
CCIE R&S Advanced Technologies Labs IP Services

ntp authentication-key 46 md5 CISCO46

ntp authentication-key 41 md5 CISCO41
!
interface Serial 0/0
ntp broadcast client

R1:
ntp authenticate
ntp authentication-key 41 md5 CISCO41
ntp trusted-key 41
!
ntp server 155.1.146.4 key 41
!
ntp authentication-key 16 md5 CISCO16
ntp trusted-key 16

R6:
ntp authenticate
ntp authentication-key 46 md5 CISCO46
ntp trusted-key 46
!
ntp server 155.1.146.4 key 46
!
ntp authentication-key 16 md5 CISCO16
ntp trusted-key 16
ntp peer 155.1.146.1 key 16

Verification

R4#show ntp associations detail

155.1.0.5 dynamic, authenticated, our_master, sane, valid, stratum 1
ref ID .LOCL., time C906FFA3.C186E2D2 (15:17:55.755 UTC Thu Nov 16 2006)
our mode bdcast client, peer mode bdcast, our poll intvl 64, peer poll intvl 64
root delay 0.00 msec, root disp 0.03, reach 376, sync dist 46.753
delay 48.20 msec, offset -16.7511 msec, dispersion 22.63
precision 2**24, version 3
org time C906FFD0.C191A8CD (15:18:40.756 UTC Thu Nov 16 2006)
rcv time C906FFD0.DB5D757D (15:18:40.856 UTC Thu Nov 16 2006)
xmt time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
filtdelay = 48.20 48.20 48.20 48.20 48.20 48.20 48.20 48.20
filtoffset = -16.75 -20.00 19.50 32.92 39.37 -43.31 -3.69 11.06
filterror = 0.99 1.97 2.94 3.92 4.90 5.87 6.85 7.83

R1#show ntp associations detail

155.1.146.6 dynamic, authenticated, selected, sane, valid, stratum 3
ref ID 155.1.146.4, time C906FFAD.69F2C5BD (15:18:05.413 UTC Thu Nov 16 2006)
our mode passive, peer mode active, our poll intvl 64, peer poll intvl 128
root delay 50.55 msec, root disp 83.71, reach 36, sync dist 3987.579
delay 2.94 msec, offset -12.2832 msec, dispersion 3877.03
precision 2**18, version 3
org time C906FFF6.696885D7 (15:19:18.411 UTC Thu Nov 16 2006)
rcv time C906FFF6.6CEE1D2C (15:19:18.425 UTC Thu Nov 16 2006)
xmt time C907000C.A782E05E (15:19:40.654 UTC Thu Nov 16 2006)
filtdelay = 2.94 3.08 3.10 0.00 0.00 0.00 0.00 0.00
filtoffset = -12.28 -10.91 -9.48 0.00 0.00 0.00 0.00 0.00
filterror = 0.66 1.63 2.61 16000.0 16000.0 16000.0 16000.0 16000.0

155.1.146.4 configured, authenticated, our_master, sane, valid, stratum 2

ref ID 155.1.0.5, time C906FFD0.DB5D757D (15:18:40.856 UTC Thu Nov 16 2006)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 26 -
CCIE R&S Advanced Technologies Labs IP Services

root delay 48.20 msec, root disp 39.43, reach 177, sync dist 69.550
delay 3.07 msec, offset -2.9357 msec, dispersion 4.49
precision 2**24, version 3
org time C906FFFC.A747A33C (15:19:24.653 UTC Thu Nov 16 2006)
rcv time C906FFFC.A86CE0E0 (15:19:24.657 UTC Thu Nov 16 2006)
xmt time C906FFFC.A79005F1 (15:19:24.654 UTC Thu Nov 16 2006)
filtdelay = 3.07 3.10 3.30 3.05 3.05 3.13 3.13 3.14
filtoffset = -2.94 0.85 4.27 1.64 -3.59 -7.38 -2.25 -0.60
filterror = 0.02 0.99 1.97 2.94 3.92 4.90 5.51 7.10

R6#show ntp associations detail

155.1.146.1 configured, authenticated, selected, sane, valid, stratum 3
ref ID 155.1.146.4, time C906FFFC.A86CE0E0 (15:19:24.657 UTC Thu Nov 16 2006)
our mode active, peer mode passive, our poll intvl 128, peer poll intvl 64
root delay 51.27 msec, root disp 53.88, reach 376, sync dist 83.603
delay 1.59 msec, offset 12.9571 msec, dispersion 2.79
precision 2**18, version 3
org time C907000C.A782E05E (15:19:40.654 UTC Thu Nov 16 2006)
rcv time C907000C.A466279E (15:19:40.642 UTC Thu Nov 16 2006)
xmt time C9070036.697A7A2B (15:20:22.412 UTC Thu Nov 16 2006)
filtdelay = 1.59 1.63 1.65 1.85 2.04 1.77 2.14 1.21
filtoffset = 12.96 11.63 10.20 8.86 8.12 8.40 7.54 6.38
filterror = 0.35 1.25 2.23 3.01 3.98 4.76 5.74 6.71

155.1.146.4 configured, authenticated, our_master, sane, valid, stratum 2

ref ID 155.1.0.5, time C9070010.DCC46CD2 (15:19:44.862 UTC Thu Nov 16 2006)
our mode client, peer mode server, our poll intvl 128, peer poll intvl 128
root delay 48.20 msec, root disp 37.61, reach 377, sync dist 68.085
delay 2.29 msec, offset 7.9938 msec, dispersion 5.23
precision 2**24, version 3
org time C907002D.6BDCC170 (15:20:13.421 UTC Thu Nov 16 2006)
rcv time C907002D.6A1C1014 (15:20:13.414 UTC Thu Nov 16 2006)
xmt time C907002D.69726ECC (15:20:13.411 UTC Thu Nov 16 2006)
filtdelay = 2.29 2.35 2.32 2.30 2.40 2.41 2.38 2.46
filtoffset = 7.99 13.02 13.69 10.39 5.20 -3.15 -10.74 -14.04
filterror = 0.02 1.97 2.94 3.63 7.54 9.49 10.50 12.45

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 27 -
CCIE R&S Advanced Technologies Labs IP Services

Router Menus

Objective: Create a menu on router

Directions

• Pre-configure routers per the IP Services scenario “Common

Configuration”
• Create user on R4 with name CISCO and password CISCO
• Create menu USERMENU on R4 entitled: “Sample menu”
• The first menu line, named “Current Configuration” should execute “show
run” command
• The second menu line, named “Ping R1” should execute “ping
155.X.146.1”
• The third menu line, named “Telnet to R6” shold execute “telnet
155.X.146.6”
• The forth menu line named “Exit to shell” should execute “menu-exit”
command
• The last menu line named “Exit” should execute “exit” command
• Apply autocommand “menu USERMENU” to user CISCO
• Assign privilege level 15 to user CISCO
• Enabel local authentication on VTY lines

Final Configuration
R4:
menu USERMENU title $
Sample Menu
$
menu USERMENU text 1 "Current Configuration"
menu USERMENU command 1 show run
menu USERMENU text 2 "Ping R1"
menu USERMENU command 2 ping 155.1.146.1
menu USERMENU text 3 "Telnet to R6"
menu USERMENU command 3 telnet 155.1.146.6
menu USERMENU text 4 "Exit to Shell"
menu USERMENU command 4 menu-exit
menu USERMENU text 5 "Exit"
menu USERMENU command 5 exit
Copyright © 2007 Internetwork Expert www.InternetworkExpert.com
- 28 -
CCIE R&S Advanced Technologies Labs IP Services

!
username CISCO password CISCO
username CISCO autocommand menu USERMENU
username CISCO privilege 15
!
line vty 0 4
login local

Verification

R1#telnet 155.1.146.4
Trying 155.1.146.4 ... Open

User Access Verification

Username: CISCO
Password: CISCO

Sample Menu

1 "Current Configuration"

2 "Ping R1"

3 "Telnet to R6"

4 "Exit to Shell"

5 "Exit"

Building configuration...

Current configuration : 1822 bytes

!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5 $1$YIus$GKTLXAZbwGuTF9hk1U88Q1
!
no aaa new-model
!
resource policy
!
memory-size iomem 15
ip subnet-zero
ip tcp synwait-time 5

Sample Menu

1 "Current Configuration"

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 29 -
CCIE R&S Advanced Technologies Labs IP Services

2 "Ping R1"

3 "Telnet to R6"

4 "Exit to Shell"

5 "Exit"

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 155.1.146.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Sample Menu

1 "Current Configuration"

2 "Ping R1"

3 "Telnet to R6"

4 "Exit to Shell"

5 "Exit"

R4#

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 30 -
CCIE R&S Advanced Technologies Labs IP Services

Gateway Redundancy with VRRP

Objective: Configure redundant gateways with VRRP

Directions

• Create VLAN 456 on all switches involved in the scenario

• Configure the respective switchports for R4, R5 and R6 in VLAN 456
• Configure IP addressing on VLAN 456 interfaces as per diagram
• Configure IP addressing on Frame-Relay interfaces. Use only physical FR
interfaces, and use static mappings
• Map broadcast to the hub router (R1) and from hub to spokes. Use DLCI
numbers specified on diagram
• Configure FR mappings on R5 and R4 so that they can reach each other
via R1
• Configure FR interfaces in OSPF Area 0. Use OSPF network type
broadcast for this link
• Configure FR interface on R5 and R4 to have OSPF priority of zero, so
that they never could become DR
• Redistribute the connected subnets on R4 and R5 into OSPF. R5 should
use metric 500 and R4 should use metric 400. This way, R1 will prefer R4
to reach VLAN456
• Configure VRRP on R4 and R5 Ethernet interfaces. Use VRRP group 1,
and virtual IP 155.X.100.254
• R4 should have priority 110 and R5 should have the default priority 100.
• Authenticate VRRP packets using md5 hash with key CISCO
• Create track object 1 on R4 to track Serial 0/0 line-protocol state
• Configure VRRP on R4 to track object 1 and decrement priority down by
20 if the object is down

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 31 -
CCIE R&S Advanced Technologies Labs IP Services

Final Configuration

SW1-SW4:
vlan 456

SW1:
interface Fa 0/5
switchport host
switchport access vlan 456

SW2:
interface Fa 0/6
switchport host
switchport access vlan 456

SW4:
interface Fa 0/4
switchport host
switchport access vlan 456

R1:
interface Serial 0/0
encapsulation frame-relay
no frame-relay inverse-arp
ip address 155.1.0.1 255.255.255.0
frame-relay map ip 155.1.0.5 105 broadcast
frame-relay map ip 155.1.0.4 104 broadcast
ip ospf network broadcast
no shutdown
!
router ospf 1
router-id 150.1.1.1
network 155.1.0.1 0.0.0.0 area 0

R4:
track 1 interface Serial0/0 line-protocol
!
interface Ethernet0/1
ip address 155.1.100.4 255.255.255.0
half-duplex
vrrp 1 ip 155.1.100.254
vrrp 1 priority 110
vrrp 1 authentication md5 key-string CISCO
vrrp 1 track 1 decrement 20
!
interface Serial 0/0
encapsulation frame-relay
no frame-relay inverse-arp
ip address 155.1.0.4 255.255.255.0
frame-relay map ip 155.1.0.5 401 broadcast
frame-relay map ip 155.1.0.1 401
ip ospf priority 0
ip ospf network broadcast
no shutdown
!
interface Loopback0
ip address 150.1.45.4 255.255.255.0
!
router ospf 1
router-id 150.1.4.4

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 32 -
CCIE R&S Advanced Technologies Labs IP Services

redistribute connected subnets metric 400

network 155.1.0.4 0.0.0.0 area 0

R5:
interface Ethernet0/0
ip address 155.1.100.5 255.255.255.0
half-duplex
vrrp 1 ip 155.1.100.254
vrrp 1 authentication md5 key-string CISCO
no shutdown
!
interface Serial 0/0
encapsulation frame-relay
no frame-relay inverse-arp
ip address 155.1.0.5 255.255.255.0
frame-relay map ip 155.1.0.1 501 broadcast
frame-relay map ip 155.1.0.4 501
ip ospf network broadcast
ip ospf priority 0
no shutdown
!
interface Loopback0
ip address 150.1.45.5 255.255.255.0
!
router ospf 1
router-id 150.1.5.5
network 155.1.0.5 0.0.0.0 area 0
redistribute connected subnets metric 500

R6:
interface Gig 0/0
ip address 155.1.100.6 255.255.255.0
no shutdown
!
ip route 0.0.0.0 0.0.0.0 155.1.100.254

Verification

R4#show vrrp
Ethernet0/1 - Group 1
State is Master
Virtual IP address is 155.1.100.254
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 110
Track object 1 state Up decrement 20
Authentication MD5, key-string "CISCO"
Master Router is 155.1.100.4 (local), priority is 110
Master Advertisement interval is 1.000 sec
Master Down interval is 3.570 sec

R6#ping 155.1.0.1 repeat 1000 size 1000

Type escape sequence to abort.

Sending 1000, 1000-byte ICMP Echos to 155.1.0.1, timeout is 2 seconds:
.!!!!!!!!
Rack1AS>4
[Resuming connection 4 to r4 ... ]

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 33 -
CCIE R&S Advanced Technologies Labs IP Services

R4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#interface serial 0/0
R4(config-if)#shut
R4(config-if)#
Rack1AS>6
[Resuming connection 6 to r6 ... ]
!!.U....................!!!!!!!!!!!!!!!!!!!!!!.
Success rate is 63 percent (41/65), round-trip min/avg/max = 508/512/544 ms

R4#show vrrp
Ethernet0/1 - Group 1
State is Backup
Virtual IP address is 155.1.100.254
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 90 (cfgd 110)
Track object 1 state Down decrement 20
Authentication MD5, key-string "CISCO"
Master Router is 155.1.100.5, priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.570 sec (expires in 3.422 sec)

R4#show track 1
Track 1
Interface Serial0/0 line-protocol
Line protocol is Down (hw admin-down)
3 changes, last change 00:02:03
Tracked by:
VRRP Ethernet0/1 1

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 34 -
CCIE R&S Advanced Technologies Labs IP Services

Gateway Redundancy with HSRP

Objective: Configure redundant gateways with HSRP

Directions

• Create VLAN 456 on all switches involved in the scenario.

• Configure the respective switchports for R4, R5 and R6 in VLAN 456
• Configure IP addressing on VLAN 456 interfaces as per diagram
• Configure IP addressing on Frame-Relay interfaces. Use only physical FR
interfaces, and use static mappings
• Map broadcast to the hub router (R1) and from hub to spokes. Use DLCI
numbers specified on diagram
• Configure FR mappings on R5 and R4 so that they can reach each other
via R1
• Configure FR interfaces in OSPF Area 0. Use OSPF network type
broadcast for this link
• Configure FR interface on R5 and R4 to have OSPF priority of zero, so
that they never could become DR
• Redistribute the connected subnets on R4 and R5 into OSPF. R5 should
use metric 500 and R4 should use metric 400. This way, R1 will prefer R4
to reach VLAN456
• Configure HSRP on R4 and R5 Ethernet interfaces. Use HSRP group 1,
name GROUP1 and virtual IP 155.X.100.254.
• R4 should have priority 110 and R5 should have the default priority 100.
• Configure HSRP for preemption
• Configure HSRP on R4 to track FR interface state with decrement value of
20

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 35 -
CCIE R&S Advanced Technologies Labs IP Services

Final Configuration

SW1-SW4:
vlan 456

SW1:
interface Fa 0/5
switchport host
switchport access vlan 456

SW2:
interface Fa 0/6
switchport host
switchport access vlan 456

SW4:
interface Fa 0/4
switchport host
switchport access vlan 456

R1:
interface Serial 0/0
encapsulation frame-relay
no frame-relay inverse-arp
ip address 155.1.0.1 255.255.255.0
frame-relay map ip 155.1.0.5 105 broadcast
frame-relay map ip 155.1.0.4 104 broadcast
ip ospf network broadcast
no shutdown
!
router ospf 1
router-id 150.1.1.1
network 155.1.0.1 0.0.0.0 area 0

R4:
interface Eth 0/1
ip address 155.1.100.4 255.255.255.0
standby 1 name GROUP1
standby 1 ip 155.1.100.254
standby 1 preempt
standby 1 priority 110
standby 1 track Serial 0/0 20
no shutdown
!
interface Serial 0/0
encapsulation frame-relay
no frame-relay inverse-arp
ip address 155.1.0.4 255.255.255.0
frame-relay map ip 155.1.0.5 401 broadcast
frame-relay map ip 155.1.0.1 401
ip ospf priority 0
ip ospf network broadcast
no shutdown
!
interface Loopback0
ip address 150.1.45.4 255.255.255.0
!
router ospf 1
router-id 150.1.4.4

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 36 -
CCIE R&S Advanced Technologies Labs IP Services

redistribute connected subnets metric 400

network 155.1.0.4 0.0.0.0 area 0

R5:
interface Ethernet 0/0
ip address 155.1.100.1 255.255.255.0
standby 1 name GROUP1
standby 1 ip 155.1.100.254
standby 1 preempt
standby 1 priority 100
no shut
!
interface Serial 0/0
encapsulation frame-relay
no frame-relay inverse-arp
ip address 155.1.0.5 255.255.255.0
frame-relay map ip 155.1.0.1 501 broadcast
frame-relay map ip 155.1.0.4 501
ip ospf network broadcast
ip ospf priority 0
no shutdown
!
interface Loopback0
ip address 150.1.45.5 255.255.255.0
!
router ospf 1
router-id 150.1.5.5
network 155.1.0.5 0.0.0.0 area 0
redistribute connected subnets metric 500

R6:
interface Gig 0/0
ip address 155.1.100.6 255.255.255.0
no shutdown
!
ip route 0.0.0.0 0.0.0.0 155.1.100.254

Verification

R4#show standby
Ethernet0/1 - Group 1
State is Active
5 state changes, last state change 00:00:26
Virtual IP address is 155.1.100.254
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.960 secs
Preemption enabled
Active router is local
Standby router is 155.1.100.1, priority 100 (expires in 8.960 sec)
Priority 110 (configured 110)
Track interface Serial0/0 state Up decrement 20
IP redundancy name is "GROUP1" (cfgd)

R6#ping 155.1.0.1 repeat 1000 size 1000

Type escape sequence to abort.

Sending 1000, 1000-byte ICMP Echos to 155.1.0.1, timeout is 2 seconds:
!!!!!!
Copyright © 2007 Internetwork Expert www.InternetworkExpert.com
- 37 -
CCIE R&S Advanced Technologies Labs IP Services

Rack1AS>4
[Resuming connection 4 to r4 ... ]

R4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#int se 0/0
R4(config-if)#shut
R4(config-if)#
Rack1AS>6
[Resuming connection 6 to r6 ... ]
!!.U...................!!!!!!!!!!!!!!!!!!!!!!!!!!.
Success rate is 66 percent (44/66), round-trip min/avg/max = 508/510/516 ms

R5#show standby
Ethernet0/0 - Group 1
State is Active
5 state changes, last state change 00:01:31
Virtual IP address is 155.1.100.254
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.880 secs
Preemption enabled
Active router is local
Standby router is 155.1.100.4, priority 90 (expires in 9.880 sec)
Priority 100 (default 100)
IP redundancy name is "GROUP1" (cfgd)

R4#show standby
Ethernet0/1 - Group 1
State is Standby
7 state changes, last state change 00:01:42
Virtual IP address is 155.1.100.254
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.788 secs
Preemption enabled
Active router is 155.1.100.1, priority 100 (expires in 8.764 sec)
Standby router is local
Priority 90 (configured 110)
Track interface Serial0/0 state Down decrement 20
IP redundancy name is "GROUP1" (cfgd)

Copyright © 2007 Internetwork Expert www.InternetworkExpert.com

- 38 -